<?php
/* ----------------------------------------------------------
--               JacoCMS by Jaco Ruit                      --
-------------------------------------------------------------
--     JacoCMS is Open Source and is licensed under        --
--             GNU General Public Licence v3               --
--          http://www.gnu.org/copyleft/gpl.html           --
-------------------------------------------------------------
--       Please don't remove any text from the footers.    --
-------------------------------------------------------------
-- Credits:   * Jaco Ruit          ~     Scripts,MySQL     --     
-----------------------------------------------------------*/

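#important includes
# Admin delete panel: removes a single article, video, page, comment or
# user chosen by ?t=<a|v|p|c|u>&pid=<id>, then renders the outcome in
# panel.tpl. Only an authenticated admin session reaches the delete code.
# `require` instead of `include`: nothing below can run without these
# files, so a missing one should stop the script instead of only warning.
require '../includes/config.php';
require '../includes/database.ext.class.php';

#create database connection
$database = new Database();
$database->connect('../includes/config.php');

#finish includes
require '../includes/core.ext.class.php';
require '../includes/settings.class.php';
require '../includes/user.class.php';
require '../includes/article.class.php';
require '../includes/video.class.php';
require '../includes/page.class.php';
require '../includes/comment.class.php';

#vars, classes
$settings = new Settings();
$core = new Core();
$user = new User();
$article = new Article();
$video = new Video();
$page = new Page();
$comment = new Comment();
$panelcode = "<p>Loading..</p>";
# NOTE(review): $smarty is not created in this file; presumably config.php
# sets it up - confirm before relying on it at the bottom.

# Shared "bad request" outcome as [panel HTML, page title]; every branch
# that cannot act ends up here.
$invalidVars = ['<div id="error"><h3>Invalid Vars</h3></div>', 'Invalid Vars'];

# Escape a stored title/name before it is concatenated into the panel HTML.
# Those values originate from user input, so they must not reach the page
# raw. double_encode=false leaves any entities the storage layer may already
# have produced intact instead of encoding them twice.
$escapeHtml = static function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

# Delete one titled record (article/video/page) by id and return
# [panel HTML, page title]. The existence check is named differently per
# class (checkIfExists vs checkIfIDExists), hence $existsMethod.
$deleteTitled = static function ($repo, $existsMethod, $label, $pid) use ($invalidVars, $escapeHtml) {
	if (!$repo->$existsMethod($pid)) {
		return $invalidVars;
	}
	$row = $repo->getByID($pid);
	$name = $escapeHtml($row['title']);
	$repo->delete($pid);
	return ['<p>' . $label . ': ' . $name . ' was succesful deleted.</p>', 'Delete ' . $label];
};

session_start();
if (!isset($_SESSION['jcmsuname'], $_SESSION['jcmspwd'])) {
	# No session at all: send to the login page. The exit guarantees nothing
	# below runs after the redirect header has been emitted.
	header("Location: login");
	exit;
}

$uname = $core->filter($_SESSION['jcmsuname']);
$pwd = $core->filter($_SESSION['jcmspwd']);
# NOTE(review): the session carries a 'jcmspwd' value that is re-validated
# on every request; whether that is the password itself or a derived token
# is not visible here - confirm it is not the plaintext password.

#validate cookies' info
if (!$user->validateCookie($uname, $pwd)) {
	#evil cookies!
	session_destroy();
	header("Location: login");
	exit;
}

if (!$user->isAdmin($uname)) {
	$panelcode = '<div id="panelinfo"><p>You do not have permission to view this.</p></div>';
	$title = 'Access Denied';
} elseif (!isset($_GET['t'], $_GET['pid'])) {
	list($panelcode, $title) = $invalidVars;
} else {
	# NOTE(review): the delete is triggered by a plain GET with no anti-CSRF
	# token, so a cross-site request can make an admin's browser perform it.
	# Moving callers to a POST form carrying a session-bound token is the
	# fix; it is not done here because the existing links would break.
	$type = $core->filter($_GET['t']);
	$pid = $core->filter($_GET['pid']);

	# strict comparison: the loose `==` would treat a non-string $type
	# (e.g. an int 0 on older PHP) as equal to a letter
	if ($type === 'a') {
		list($panelcode, $title) = $deleteTitled($article, 'checkIfExists', 'Article', $pid);
	} elseif ($type === 'v') {
		list($panelcode, $title) = $deleteTitled($video, 'checkIfExists', 'Video', $pid);
	} elseif ($type === 'p') {
		list($panelcode, $title) = $deleteTitled($page, 'checkIfIDExists', 'Page', $pid);
	} elseif ($type === 'c') {
		if (!$comment->checkIfIDExists($pid)) {
			list($panelcode, $title) = $invalidVars;
		} else {
			$comment->delete($pid);
			$panelcode = '<p>The comment was succesful deleted.</p>';
			$title = "Delete Comment";
		}
	} elseif ($type === 'u') {
		if (!$user->checkIfIDExists($pid)) {
			list($panelcode, $title) = $invalidVars;
		} else {
			$username = $user->getNameByID($pid);
			# compare both sides as strings so a type mismatch cannot slip
			# past the self-delete guard
			if ((string) $username === (string) $uname) {
				$panelcode = '<div id="error"><h3>Cannot delete yourself</h3></div>';
				$title = "Delete action aborted";
			} elseif ($user->isAdmin($username)) {
				$panelcode = '<div id="error"><h3>Cannot delete an admin</h3></div>';
				$title = "Delete action aborted";
			} else {
				$user->delete($pid);
				$panelcode = '<p>User: ' . $escapeHtml($username) . ' was succesful deleted.</p>';
				$title = "Delete User";
			}
		}
	} else {
		list($panelcode, $title) = $invalidVars;
	}
}

#create template
$smarty->assign("page", $title);
$smarty->assign("webname", $settings->getWebsiteName());
$smarty->assign("panelcode", $panelcode);
$smarty->display("panel.tpl");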